Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-44722: CWE-480: Use of Incorrect Operator in danifus pyzipper

0
Medium
VulnerabilityCVE-2026-44722cvecve-2026-44722cwe-480
Published: 07/17/2026 (07/17/2026, 16:42:01 UTC)
Source: CVE Database V5
Vendor/Project: danifus
Product: pyzipper

Description

pyzipper is a replacement for Python's zipfile that can read and write AES encrypted zip files. Prior to 0.4.0, a Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, causing encrypted entries to be written in AE-1 format and exposing the plaintext CRC32 checksum in the ZIP header and, for unseekable zip archives, in the datadescripter section, allowing an attacker who possesses the archive to brute-force candidate plaintexts for small or low-entropy files by comparing CRC32 values. This issue is fixed in version 0.4.0.

CVSS v3.1

Score 6.2medium

Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected software

pyzipper
pkg:pypi/pyzipper
Affected versions
<0.4.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/18/2026, 12:00:39 UTC

Technical Analysis

The vulnerability in pyzipper (CVE-2026-44722) arises from incorrect operator usage in the pyzipper/zipfile_aes.py module prior to version 0.4.0. This bug causes the AE-2 encryption format to never be selected automatically during encryption, resulting in the use of the AE-1 format instead. AE-1 encryption exposes the plaintext CRC32 checksum in the ZIP header and datadescriptor, which can be leveraged by an attacker possessing the archive to brute-force plaintexts of small or low-entropy files by comparing CRC32 values. The vulnerability has a CVSS 3.1 base score of 6.2 (medium severity) and does not affect integrity or availability, only confidentiality. The issue is resolved in pyzipper version 0.4.0.

Potential Impact

Confidentiality is impacted because the plaintext CRC32 checksum is exposed in encrypted ZIP files using AE-1 format instead of AE-2. This exposure enables an attacker with access to the archive to perform brute-force attacks on small or low-entropy files by comparing CRC32 checksums, potentially revealing plaintext content. There is no impact on integrity or availability.

Mitigation Recommendations

Upgrade to pyzipper version 0.4.0 or later, where this issue is fixed by correctly selecting the AE-2 encryption format during encryption. No other mitigations are indicated. Patch status is confirmed by the vendor advisory stating the fix is in version 0.4.0.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-05-07T18:04:17.308Z
Cvss Version
3.1
State
PUBLISHED
Remediation Level
null

Threat ID: 6a5b5eb82d1edb114c7fb6b3

Added to database: 07/18/2026, 11:08:40 UTC

Last enriched: 07/18/2026, 12:00:39 UTC

Last updated: 07/18/2026, 13:20:49 UTC

Views: 4

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses